mutt (1.7.2-1+deb9u3) stretch-security; urgency=high * debian/patches: + added security/CVE-not-yet-released.patch to fix a possible MITM response injection attack when using STARTTLS with IMAP, POP3 and SMTP. -- Antonio Radici <email address hidden> Fri, 19 Jun 2020 06:55:35 +0200